Microsoft has warned that another one of its operating system products is vulnerable to a critical vulnerability, that was patched in some operating systems two weeks ago. In an update to its MS08-001 security bulletin, Microsoft said that the latest release of Windows Small Business Server was also critically at risk from a bug in Windows’ networking software.

The flaw is also considered critical for Windows XP and Vista users. Microsoft did not say why it had initially omitted Small Business Server from its list of critically affected operating systems, but it said that the product’s users were being offered patches via Microsoft’s various automatic update services.

“Customers with Windows Small Business Server 2003 Service Pack 2 should apply the update to remain secure,” Microsoft said in its updated bulletin.

The bug lies in the way Windows processes networking traffic that uses IGMP (Internet Group Management Protocol) and MLD (Multicast Listener Discovery) protocols, which are used to send data to many systems at the same time. Microsoft said that an attacker could send specially crafted packets to a victim’s machine, which could then allow the attacker to run unauthorised code on a system.

Microsoft rates the flaw as “important” for Windows Server 2003, meaning that it would be more difficult for attackers to exploit the flaw on this operating system.

Read the rest at ComputerWorld UK

Tags: Microsoft, Operating Systems, Security, Software, Vista, vulnerability, Windows XP

Related posts

• Speed up that start menu 95,98,ME, 2K, AND XP (0)
• Unpatched IE bug (0)
• Worm spells double trouble for PCs (0)
• Putting Vista in the fast lane (0)
• Microsoft: Nothing to gain from Firefox flaws (0)